[PATCH v2 0/8] slab: provide and use krealloc_array()
From: Bartosz Golaszewski bgolaszewski@baylibre.com
Andy brought to my attention the fact that users allocating an array of equally sized elements should check if the size multiplication doesn't overflow. This is why we have helpers like kmalloc_array().
However we don't have krealloc_array() equivalent and there are many users who do their own multiplication when calling krealloc() for arrays.
This series provides krealloc_array() and uses it in a couple places.
A separate series will follow adding devm_krealloc_array() which is needed in the xilinx adc driver.
v1 -> v2: - added a kernel doc for krealloc_array() - mentioned krealloc et al in the docs - collected review tags
Bartosz Golaszewski (8): mm: slab: provide krealloc_array() ALSA: pcm: use krealloc_array() vhost: vringh: use krealloc_array() pinctrl: use krealloc_array() edac: ghes: use krealloc_array() drm: atomic: use krealloc_array() hwtracing: intel: use krealloc_array() dma-buf: use krealloc_array()
Documentation/core-api/memory-allocation.rst | 4 ++++ drivers/dma-buf/sync_file.c | 4 ++-- drivers/edac/ghes_edac.c | 4 ++-- drivers/gpu/drm/drm_atomic.c | 3 ++- drivers/hwtracing/intel_th/msu.c | 2 +- drivers/pinctrl/pinctrl-utils.c | 2 +- drivers/vhost/vringh.c | 3 ++- include/linux/slab.h | 18 ++++++++++++++++++ sound/core/pcm_lib.c | 4 ++-- 9 files changed, 34 insertions(+), 10 deletions(-)
From: Bartosz Golaszewski bgolaszewski@baylibre.com
When allocating an array of elements, users should check for multiplication overflow or preferably use one of the provided helpers like: kmalloc_array().
There's no krealloc_array() counterpart but there are many users who use regular krealloc() to reallocate arrays. Let's provide an actual krealloc_array() implementation.
While at it: add some documentation regarding krealloc.
Signed-off-by: Bartosz Golaszewski bgolaszewski@baylibre.com Acked-by: Vlastimil Babka vbabka@suse.cz --- Documentation/core-api/memory-allocation.rst | 4 ++++ include/linux/slab.h | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+)
diff --git a/Documentation/core-api/memory-allocation.rst b/Documentation/core-api/memory-allocation.rst index 4446a1ac36cc..6dc38b40439a 100644 --- a/Documentation/core-api/memory-allocation.rst +++ b/Documentation/core-api/memory-allocation.rst @@ -147,6 +147,10 @@ The address of a chunk allocated with `kmalloc` is aligned to at least ARCH_KMALLOC_MINALIGN bytes. For sizes which are a power of two, the alignment is also guaranteed to be at least the respective size.
+Chunks allocated with `kmalloc` can be resized with `krealloc`. Similarly +to `kmalloc_array`: a helper for resising arrays is provided in the form of +`krealloc_array`. + For large allocations you can use vmalloc() and vzalloc(), or directly request pages from the page allocator. The memory allocated by `vmalloc` and related functions is not physically contiguous. diff --git a/include/linux/slab.h b/include/linux/slab.h index dd6897f62010..be4ba5867ac5 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -592,6 +592,24 @@ static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags) return __kmalloc(bytes, flags); }
+/** + * krealloc_array - reallocate memory for an array. + * @p: pointer to the memory chunk to reallocate + * @new_n: new number of elements to alloc + * @new_size: new size of a single member of the array + * @flags: the type of memory to allocate (see kmalloc) + */ +static __must_check inline void * +krealloc_array(void *p, size_t new_n, size_t new_size, gfp_t flags) +{ + size_t bytes; + + if (unlikely(check_mul_overflow(new_n, new_size, &bytes))) + return NULL; + + return krealloc(p, bytes, flags); +} + /** * kcalloc - allocate memory for an array. The memory is set to zero. * @n: number of elements.
On Mon, Nov 02, 2020 at 04:20:30PM +0100, Bartosz Golaszewski wrote:
+Chunks allocated with `kmalloc` can be resized with `krealloc`. Similarly +to `kmalloc_array`: a helper for resising arrays is provided in the form of +`krealloc_array`.
Is there any reason you chose to `do_this` instead of do_this()? The automarkup script turns do_this() into a nice link to the documentation which you're adding below.
Typo 'resising' resizing.
On Mon, Nov 2, 2020 at 4:41 PM Matthew Wilcox willy@infradead.org wrote:
On Mon, Nov 02, 2020 at 04:20:30PM +0100, Bartosz Golaszewski wrote:
+Chunks allocated with `kmalloc` can be resized with `krealloc`. Similarly +to `kmalloc_array`: a helper for resising arrays is provided in the form of +`krealloc_array`.
Is there any reason you chose to `do_this` instead of do_this()? The automarkup script turns do_this() into a nice link to the documentation which you're adding below.
No, I just didn't know better. Thanks for bringing this to my attention.
Typo 'resising' resizing.
Will fix in the next iteration.
Bartosz
From: Bartosz Golaszewski bgolaszewski@baylibre.com
Use the helper that checks for overflows internally instead of manually calculating the size of the new array.
Signed-off-by: Bartosz Golaszewski bgolaszewski@baylibre.com Reviewed-by: Takashi Iwai tiwai@suse.de --- sound/core/pcm_lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c index d531e1bc2b81..c6f8f9e252e0 100644 --- a/sound/core/pcm_lib.c +++ b/sound/core/pcm_lib.c @@ -1129,8 +1129,8 @@ int snd_pcm_hw_rule_add(struct snd_pcm_runtime *runtime, unsigned int cond, if (constrs->rules_num >= constrs->rules_all) { struct snd_pcm_hw_rule *new; unsigned int new_rules = constrs->rules_all + 16; - new = krealloc(constrs->rules, new_rules * sizeof(*c), - GFP_KERNEL); + new = krealloc_array(constrs->rules, new_rules, + sizeof(*c), GFP_KERNEL); if (!new) { va_end(args); return -ENOMEM;
From: Bartosz Golaszewski bgolaszewski@baylibre.com
Use the helper that checks for overflows internally instead of manually calculating the size of the new array.
Signed-off-by: Bartosz Golaszewski bgolaszewski@baylibre.com Acked-by: Michael S. Tsirkin mst@redhat.com --- drivers/vhost/vringh.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c index 8bd8b403f087..08a0e1c842df 100644 --- a/drivers/vhost/vringh.c +++ b/drivers/vhost/vringh.c @@ -198,7 +198,8 @@ static int resize_iovec(struct vringh_kiov *iov, gfp_t gfp)
flag = (iov->max_num & VRINGH_IOV_ALLOCATED); if (flag) - new = krealloc(iov->iov, new_num * sizeof(struct iovec), gfp); + new = krealloc_array(iov->iov, new_num, + sizeof(struct iovec), gfp); else { new = kmalloc_array(new_num, sizeof(struct iovec), gfp); if (new) {
From: Bartosz Golaszewski bgolaszewski@baylibre.com
Use the helper that checks for overflows internally instead of manually calculating the size of the new array.
Signed-off-by: Bartosz Golaszewski bgolaszewski@baylibre.com Reviewed-by: Andy Shevchenko andriy.shevchenko@linux.intel.com --- drivers/pinctrl/pinctrl-utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pinctrl/pinctrl-utils.c b/drivers/pinctrl/pinctrl-utils.c index f2bcbf62c03d..93df0d4c0a24 100644 --- a/drivers/pinctrl/pinctrl-utils.c +++ b/drivers/pinctrl/pinctrl-utils.c @@ -39,7 +39,7 @@ int pinctrl_utils_reserve_map(struct pinctrl_dev *pctldev, if (old_num >= new_num) return 0;
- new_map = krealloc(*map, sizeof(*new_map) * new_num, GFP_KERNEL); + new_map = krealloc_array(*map, new_num, sizeof(*new_map), GFP_KERNEL); if (!new_map) { dev_err(pctldev->dev, "krealloc(map) failed\n"); return -ENOMEM;
From: Bartosz Golaszewski bgolaszewski@baylibre.com
Use the helper that checks for overflows internally instead of manually calculating the size of the new array.
Signed-off-by: Bartosz Golaszewski bgolaszewski@baylibre.com Acked-by: Borislav Petkov bp@suse.de --- drivers/edac/ghes_edac.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/edac/ghes_edac.c b/drivers/edac/ghes_edac.c index a918ca93e4f7..6d1ddecbf0da 100644 --- a/drivers/edac/ghes_edac.c +++ b/drivers/edac/ghes_edac.c @@ -207,8 +207,8 @@ static void enumerate_dimms(const struct dmi_header *dh, void *arg) if (!hw->num_dimms || !(hw->num_dimms % 16)) { struct dimm_info *new;
- new = krealloc(hw->dimms, (hw->num_dimms + 16) * sizeof(struct dimm_info), - GFP_KERNEL); + new = krealloc_array(hw->dimms, hw->num_dimms + 16, + sizeof(struct dimm_info), GFP_KERNEL); if (!new) { WARN_ON_ONCE(1); return;
From: Bartosz Golaszewski bgolaszewski@baylibre.com
Use the helper that checks for overflows internally instead of manually calculating the size of the new array.
Signed-off-by: Bartosz Golaszewski bgolaszewski@baylibre.com Acked-by: Daniel Vetter daniel.vetter@ffwll.ch --- drivers/gpu/drm/drm_atomic.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_atomic.c b/drivers/gpu/drm/drm_atomic.c index 58527f151984..09ad6a2ec17b 100644 --- a/drivers/gpu/drm/drm_atomic.c +++ b/drivers/gpu/drm/drm_atomic.c @@ -960,7 +960,8 @@ drm_atomic_get_connector_state(struct drm_atomic_state *state, struct __drm_connnectors_state *c; int alloc = max(index + 1, config->num_connector);
- c = krealloc(state->connectors, alloc * sizeof(*state->connectors), GFP_KERNEL); + c = krealloc_array(state->connectors, alloc, + sizeof(*state->connectors), GFP_KERNEL); if (!c) return ERR_PTR(-ENOMEM);
From: Bartosz Golaszewski bgolaszewski@baylibre.com
Use the helper that checks for overflows internally instead of manually calculating the size of the new array.
Signed-off-by: Bartosz Golaszewski bgolaszewski@baylibre.com --- drivers/hwtracing/intel_th/msu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/hwtracing/intel_th/msu.c b/drivers/hwtracing/intel_th/msu.c index 3a77551fb4fc..7d95242db900 100644 --- a/drivers/hwtracing/intel_th/msu.c +++ b/drivers/hwtracing/intel_th/msu.c @@ -2002,7 +2002,7 @@ nr_pages_store(struct device *dev, struct device_attribute *attr, }
nr_wins++; - rewin = krealloc(win, sizeof(*win) * nr_wins, GFP_KERNEL); + rewin = krealloc_array(win, nr_wins, sizeof(*win), GFP_KERNEL); if (!rewin) { kfree(win); return -ENOMEM;
From: Bartosz Golaszewski bgolaszewski@baylibre.com
Use the helper that checks for overflows internally instead of manually calculating the size of the new array.
Signed-off-by: Bartosz Golaszewski bgolaszewski@baylibre.com Acked-by: Christian König christian.koenig@amd.com --- drivers/dma-buf/sync_file.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/dma-buf/sync_file.c b/drivers/dma-buf/sync_file.c index 5a5a1da01a00..2925ea03eef0 100644 --- a/drivers/dma-buf/sync_file.c +++ b/drivers/dma-buf/sync_file.c @@ -270,8 +270,8 @@ static struct sync_file *sync_file_merge(const char *name, struct sync_file *a, fences[i++] = dma_fence_get(a_fences[0]);
if (num_fences > i) { - nfences = krealloc(fences, i * sizeof(*fences), - GFP_KERNEL); + nfences = krealloc_array(fences, i, + sizeof(*fences), GFP_KERNEL); if (!nfences) goto err;
On Mon, Nov 02, 2020 at 04:20:37PM +0100, Bartosz Golaszewski wrote:
From: Bartosz Golaszewski bgolaszewski@baylibre.com
Use the helper that checks for overflows internally instead of manually calculating the size of the new array.
...
nfences = krealloc_array(fences, i,sizeof(*fences), GFP_KERNEL);
On 80 position is closing parenthesis, which, I think, makes it okay to put on one line.
On Mon, 2020-11-02 at 16:20 +0100, Bartosz Golaszewski wrote:
From: Bartosz Golaszewski bgolaszewski@baylibre.com
Andy brought to my attention the fact that users allocating an array of equally sized elements should check if the size multiplication doesn't overflow. This is why we have helpers like kmalloc_array().
However we don't have krealloc_array() equivalent and there are many users who do their own multiplication when calling krealloc() for arrays.
This series provides krealloc_array() and uses it in a couple places.
My concern about this is a possible assumption that __GFP_ZERO will work, and as far as I know, it will not.
On Tue, Nov 3, 2020 at 5:14 AM Joe Perches joe@perches.com wrote:
On Mon, 2020-11-02 at 16:20 +0100, Bartosz Golaszewski wrote:
From: Bartosz Golaszewski bgolaszewski@baylibre.com
Andy brought to my attention the fact that users allocating an array of equally sized elements should check if the size multiplication doesn't overflow. This is why we have helpers like kmalloc_array().
However we don't have krealloc_array() equivalent and there are many users who do their own multiplication when calling krealloc() for arrays.
This series provides krealloc_array() and uses it in a couple places.
My concern about this is a possible assumption that __GFP_ZERO will work, and as far as I know, it will not.
Yeah so I had this concern for devm_krealloc() and even sent a patch that extended it to honor __GFP_ZERO before I noticed that regular krealloc() silently ignores __GFP_ZERO. I'm not sure if this is on purpose. Maybe we should either make krealloc() honor __GFP_ZERO or explicitly state in its documentation that it ignores it?
This concern isn't really related to this patch as such - it's more of a general krealloc() inconsistency.
Bartosz
On Tue, Nov 3, 2020 at 12:13 PM Bartosz Golaszewski brgl@bgdev.pl wrote:
On Tue, Nov 3, 2020 at 5:14 AM Joe Perches joe@perches.com wrote:
On Mon, 2020-11-02 at 16:20 +0100, Bartosz Golaszewski wrote:
From: Bartosz Golaszewski bgolaszewski@baylibre.com
Yeah so I had this concern for devm_krealloc() and even sent a patch that extended it to honor __GFP_ZERO before I noticed that regular krealloc() silently ignores __GFP_ZERO. I'm not sure if this is on purpose. Maybe we should either make krealloc() honor __GFP_ZERO or explicitly state in its documentation that it ignores it?
And my voice here is to ignore for the same reasons: respect realloc(3) and making common sense with the idea of REallocating (capital letters on purpose).
participants (6)
-
Andy Shevchenko -
Andy Shevchenko -
Bartosz Golaszewski -
Bartosz Golaszewski -
Joe Perches -
Matthew Wilcox